Security news that informs and inspires

All Articles

984 articles:

Apple Fixes Three Flaws Exploited in the Wild

Apple has patched three bugs in iOS and macOS that have been exploited by attackers.


The Senators Who Will Set the Security and Privacy Agenda in Congress

Whether it's election security, nation-state attacks, or massive data breaches, there is growing pressure on Congress to do something. One way to suss out how the security and privacy agenda will unfold in the 117th Congress is to look at what these Senators have said and done previously.


Privacy Prevails at the Ballot Box

For many voters, Election Day in the United States was more than just about voting for government officials such as the president, lawmakers, judges, and sheriffs. They were also asked to weigh in on referendums, new state laws, and amendments to the state constitution.


Oracle Releases Emergency Patch for WebLogic Flaw

Oracle has pushed an emergency patch for CVE-2020-14750, a remotely exploitable flaw in its WebLogic application server.


Google Discloses Unpatched Windows Flaw Used in Attacks

A windows kernel bug (CVE-2020-17087) is being used in active targeted attacks alongside a recently fixed Chrome bug.

Microsoft, Google

CISA, Microsoft Warn of Continued Attacks on Zerologon Bug

The Zerologon (CVE-2020-1472) vulnerability is continuing to draw attention from attackers and Microsoft is urging enterprises to patch immediately.


UK Regulator Tells Experian to Change Data Processing Practices

The United Kingdom’s Information Commissioner’s Office issued an enforcement notice against Experian last week, ordering the company to make “fundamental changes” to how it handles consumer data.

Gdpr, Privacy

Decipher Podcast: Jeremy Kennelly

Jeremy Kennelly of Mandiant joins Dennis Fisher to discuss the spike in ransomware infections in health care organizations and how ransomware operators are evolving their tactics.

Podcast, Ransomware

If Catching All Attackers Is the Goal, A New Path is Needed

Stairwell, a new startup founded by Google and Chronicle veteran Mike Wiacek, aims to help more organizations stop high-level attackers.

Threat Intelligence, Google

U.S. Sanctions Russian Institute for Triton Malware

The Office of Foreign Assets Control announced sanctions against a Russian research institute for deploying the Triton ICS malware.


KashmirBlack Botnet Targets Unpatched CMS Software

The KashmirBlack botnet exploits multiple flaws in popular content management systems (CMS) is behind millions of attacks per day, including mining for cryptocurrency, redirecting website traffic to spam sites, and defacing websites, Imperva said.


Energetic Bear Attackers Targeting US Government Agencies

A Russian threat group known as Energetic Bear has compromised some state and local government agencies in recent weeks.

Government, Apt

Decipher Podcast: Kurtis Minder

Kurtis Minder, CEO of GroupSense, joins Dennis Fisher to discuss the delicate process of ransomware negotiations and how enterprises are dealing with infections today.


Microsoft Continues Dismantling Trickbot

Talk about a Whack-a-Mole Operation. Microsoft tries to disable Trickbot command-and-control servers faster than botnet operators can rebuild new infrastructure.


Google Patches Bug Used in Active Attacks Against Chrome

Google has fixed a flaw in the FreeType library that attackers are attempting to exploit against Chrome users.